package com.application.configuration;

import org.apache.tomcat.util.security.MD5Encoder;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.PasswordEncoder;
@Configuration
public class MySecurityConfig extends WebSecurityConfigurerAdapter{
	@Autowired
	MyUserDetailService mySecurityConfig;
	@Override
	protected void configure(AuthenticationManagerBuilder auth)
			throws Exception {
		// TODO Auto-generated method stub
		auth.userDetailsService(mySecurityConfig);
//		auth.inMemoryAuthentication().withUser("yangzhen721@163.com").password("1");
	}
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		// TODO Auto-generated method stub
		//不需要验证权限的地址
		http.authorizeRequests().antMatchers("/js/**","/css/**","/img/**","/permit/**","/font/**","/assets/**").permitAll()
        //其他地址的访问均需验证权限
        .anyRequest().authenticated()
        .and()
        .formLogin()
        //指定登录页是"/login"
        .loginPage("/login")
        .loginProcessingUrl("/login")
        .defaultSuccessUrl("/home")//登录成功后默认跳转到"/hello"
        .failureUrl("/login")
        .permitAll()
        .and()
        .logout()
        .logoutUrl("/logout")
        .logoutSuccessUrl("/login")//退出登录后的默认url是"/home"
        .permitAll();
		http.csrf().disable();
		
	}public MySecurityConfig() {
		// TODO Auto-generated constructor stub
	}
	@Override
	public void configure(WebSecurity web) throws Exception {
		// TODO Auto-generated method stub
		super.configure(web);
	}
}
